

Add policy for ecs task for efs volumes (#64)
adenot authored Dec 13, 2024
1 parent 4954e04 commit 5252479
Showing 1 changed file with 22 additions and 1 deletion.
23 changes: 22 additions & 1 deletion iam-ecs-task.tf
Expand Up @@ -95,8 +95,29 @@ resource "aws_iam_role_policy" "s3_policy" {
EOF
}

resource "aws_iam_role_policy" "efs_policy" {
name = "ecs-efs-policy"
role = aws_iam_role.ecs_task.name

policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientWrite",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeFileSystems"
]
Resource = "*"
}
]
})
}

resource "aws_iam_role_policy_attachment" "extra_task_policies_arn" {
for_each = toset(try(var.extra_task_policies_arn, []))
role = aws_iam_role.ecs_task.name
policy_arn = each.key
}
}
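Review bot: `Resource = "*"` in the new `efs_policy` statement allows `ClientMount` and `ClientWrite` on every EFS file system in the account, not only the ones this service's task volumes use. Scope it to the relevant file system ARNs, e.g. `Resource = var.efs_file_system_arns` (placeholder name; use whatever input the module already has for its EFS volumes), and consider a `Condition` on `elasticfilesystem:AccessPointArn` if access points are in use. The policy is also created unconditionally, so task roles for services with no EFS volume get these permissions too; a `count` or `for_each` keyed on the EFS volume input would avoid that. A short comment above the resource saying which volumes it is for, and that these client actions presumably only matter when the volume is mounted with IAM authorization, would help the next reader.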
